FBI briefed on alternate Sony hack theory

Uploaded on 2015-01-08 in GOVERNMENT-Law Enforcement, GOVERNMENT-Defence

FBI agents who are investigating the Sony Pictures hack were briefed recently by a security firm that says its research on the attacks points to laid-off Sony staff and not to North Korea, as the perpetrator.

Even the unprecedented decision to release details of an ongoing FBI investigation and President Barack Obama publicly blaming the hermit authoritarian regime hasn’t quieted a chorus of well-qualified skeptics who say the evidence just doesn’t add up.

Hackers who targeted Sony Pictures over the release of the film The Interview “got sloppy” and inadvertently revealed their links to North Korea, according to the director of the FBI.

James ComeyPicture: James Comey, the director of the Federal Bureau of Investigation

Speaking at the International Conference on Cyber Security James Comey said hackers had mistakenly sent messages that could be traced to IP addresses used exclusively by North Korea.

Comey said the North Korean origins of the cyber attack were evident despite the use of proxy servers in other countries to throw investigators off their trail.

"It was a mistake by them," he said. "It made it very clear who was doing this."

The US federal investigations chief added that he had a “very high confidence” that the attack was carried out by North Korea, “as does the entire intelligence community”.

However researchers from the cyber intelligence company Norse have said their own investigation into the data on the Sony attack doesn’t point to North Korea at all and instead indicates some combination of a disgruntled employee and hackers for piracy groups is at fault.
The FBI says it is standing by its conclusions, but the security community says the agency has been open and receptive to help from the private sector throughout the Sony investigation.

Norse, one of the world’s leading cyber intelligence firms, has been researching the hack since it was made public just before Thanksgiving.

Norse’s senior vice president of market development said the quickness of the FBI’s conclusion that North Korea was responsible was a red flag.

“When the FBI made the announcement so soon after the initial hack was unveiled, everyone in the [cyber] intelligence community kind of raised their eyebrows at it, because it’s really hard to pin this on anyone within days of the attack,” Kurt Stammberger said in an interview as his company briefed FBI investigators Monday afternoon.

He said the briefing was set up after his company approached the agency with its findings.
Stammberger said after the meeting the FBI was “very open and grateful for our data and assistance” but didn’t share any of its data with Norse, although that was what the company expected.

The FBI afterwards said that it is standing behind its assessment, adding that evidence doesn’t support any other explanations.

“The FBI has concluded the Government of North Korea is responsible for the theft and destruction of data on the network of Sony Pictures Entertainment. Attribution to North Korea is based on intelligence from the FBI, the US intelligence community, DHS, foreign partners and the private sector,” a spokeswoman said in a statement. “There is no credible information to indicate that any other individual is responsible for this cyber incident.”

In addition to Norse’s analysis of Internet forums where perpetrators may have communicated and compiled dates within the malware used, a report from firm Taia Global said a linguistic analysis of the purported hacker messages points to Russian speakers rather than Korean.
The official said law enforcement is still treating the incident as an “active criminal investigation” but that that may or may not lead to a prosecution built on evidence that goes beyond a reasonable doubt.

And recently US Director of National Intelligence James Clapper has said at a cybersecurity conference that he suspects his North Korean counterpart to be behind the hack of Sony Pictures. The Daily Beast reports that Clapper said during his talk at the International Conference on Cybersecurity that General Kim Youn Chol may have been behind the hack.

Clapper explained that if North Korea were behind the hack, then General Kim would have had to authorise the action. General Kim is a four-star general in charge of North Korea's Reconnaissance General Bureau, the organisation that Clapper claims is responsible for the Sony hack.

Sony’s chief exec Kazuo Hirai said he does not expect the November cyber attack on the company's film studio to have a significant financial impact on the entertainment conglomerate, two weeks after the studio rolled out the movie after the attack.

"We are still reviewing the effects of the cyber attack," Hirai told reporters at the Consumer Electronics Show in Las Vegas. "However, I do not see it as something that will cause a material upheaval on Sony Pictures business operations, basically, in terms of results for the current fiscal year."

The studio, Sony Pictures Entertainment, said separately that the film, "The Interview," has generated revenue of $36 million (23 million pounds).

http://www.politico.com/story/2014/12/fbi-briefed-on-alternate-sony-hack-theory

http://uk.businessinsider.com/us-official-names-the-north-korean-general

http://world.einnews.com/article/243326473/qroI9QR0FlWGYhvP

http://uk.reuters.com/article/2015/01/06/uk-sony-cybersecurity

http://www.theregister.co.uk/2015/01/08/sony_megahack_financial_impact/

« ‘Anonymous’ Call For Revenge On Charlie Hebdo Terrorists
Dark Web thrives despite Operation Onymous »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

IT Security Guru

IT Security Guru

IT Security Gurus publish daily breaking news. interviews with the key thinkers in IT security, videos and the top 10 stories as picked by our Editor.

RPC

RPC

RPC is a business law firm. Practice areas include technology and cyber risk.

Resilient Information Systems Security (RISS)

Resilient Information Systems Security (RISS)

RISS is a research group is in the Department of Computing at Imperial College London.

Slovak Security Policy Institute (SSPI)

Slovak Security Policy Institute (SSPI)

Slovak Security Policy Institute is an independent non-governmental organization that focuses on research and analysis of security challenges including defence and cyber security.

BEAM Teknoloji

BEAM Teknoloji

BEAM Technology is an independent Software Quality and Security Testing Center in Turkey.

Gluu

Gluu

Modern Authentication for Digital Enterprise. Organizations around the world trust Gluu for large-scale, high-security identity & access management.

Qohash

Qohash

With a focus on data security, Qohash supports security, compliance and optimization use cases enhancing your risk management process.

KryptoKloud

KryptoKloud

KryptoKloud offer a suite of Managed Services including Security Monitoring and Incident Response as well as a full portfolio of Compliance, Governance and Audit solutions.

Matrium Technologies

Matrium Technologies

Matrium Technologies has been a leading provider of technology solutions since 1991, with a strong industry background in Network Testing, Network Visibility and Security.

Material Security

Material Security

Material is solving one of the most fundamental problems in security: protecting the data sitting in mailboxes.

Altospam

Altospam

Altospam is a full service corporate email protection, integrating multiple security levels for your emails.

Google Cloud

Google Cloud

Accelerate your digital transformation. Whether your business is early in its journey or well on its way to digital transformation, Google Cloud can help solve your toughest challenges.

Thunder Shield Security

Thunder Shield Security

Thunder Shield is a professional cyber security service provider of penetration test, source code review and security assessment services.

Codenotary

Codenotary

Codenotary provide a comprehensive suite of verification and enforcement services to guarantee the integrity of your software throughout its entire lifecycle.

Dryad Global

Dryad Global

Dryad Global offers a comprehensive suite of maritime intelligence solutions, including a best-in-class situational awareness, planning and security system and industry-leading cyber protection tools.

SecureKloud Technologies

SecureKloud Technologies

SecureKloud is a global leader in the Cloud services arena. Our experience in cloud consulting and servicing for highly regulated industries extends more than a decade.